1.11M Members

Session Management and Login Validation PHP

 
0
 

I would like to solved out the SESSION part in ALL files. SESSION is not working properely anymore. In addition, i need to solved out the javascript errors.

Objective is to access the dashboard.php and other pages from LOGIN.php and CREATEACCOUNT.php WITH validation and SESSION. There are two files: login.php and createaccount.php, from which user comes to dashboard.php in both cases.

When user forgot the password, i need to send password by email AND save new password into the database. I have used md5 method. Please let me know password recovery by email. I have tried so many times to manage ALL the things. It is not working in expected manner.

// js.js
function validateForm()
{
    var testemail=document.forms["SignIn"]["txtEmail"].value;
    var atpos=testemail.indexOf("@");
    var dotpos=testemail.lastIndexOf(".");
    if (atpos<1 || dotpos<atpos+2 || dotpos+2>=testemail.length)
    {
        alert("Enter Valid Email");
        return false;
    }
    var testpwd=document.forms["SignIn"]["pwd"].value;
    if (testpwd==null || testpwd=="")
    {
        alert("Password must be filled out");
        return false;
    }  
    if(testpwd.length<6)
    {
        alert("Length must be >=6 "); 
        return false;
    }
}

function validatenewuser() 
{
    var testemail=document.forms["SignUp"]["txtEmail"].value;
    var atpos=testemail.indexOf("@");
    var dotpos=testemail.lastIndexOf(".");
    if (atpos<1 || dotpos<atpos+2 || dotpos+2>=testemail.length)
    {
        alert("Enter Valid Email");
        return false;
    }

    var testpassword=document.forms["SignUp"]["pwd"]["cnfmpwd"].value;
    var password = document.getElementById(pwd).value;
    var confirmpassword = document.getElementById(cnfmpwd).value;
    if (password == confirmpassword) 
    {
        alert("Password Match..!!");
        return false;
    } 
    else 
    {
        alert("Verify your password");
        return false;
    }
}

=================================================================================
//createaccount.php

<form method="post" name="SignUp" action="" onSubmit="return validate_newuser();">                   
    <table>
        <tr>
        <td> Your email address: </td>
        <td> <input type="text" id="txtEmail" name="txtEmail" required="required" /> </td>
        </tr>
        <tr>
        <td> Choose your Password: </td>
        <td> <input type="password" id="pwd" name="pwd" required="required" /> </td>
        </tr>
        <tr>
        <td> Confirm Password: </td>
        <td> <input type="password" id="cnfmpwd" name="cnfmpwd" required="required" /> </td>
        </tr>                    
    </table>
    <input type="submit" class="btnLogin" value="OK" style="display:inline-block; font-weight:bold; font-size:12px; margin-left:350px;" />
</form>          
=================================================================================
//login.php

<form method="post" name="SignIn" action="" onSubmit="return validateForm();">                           
    <table>
        <tr>
        <td> Enter your Email: </td>
        <td> <input type="text" name="txtEmail" /> </td>
        </tr>
        <tr>
        <td> Enter your Password:  </td>
        <td> <input type="password" name="pwd" autocomplete="off" /> </td>
        </tr>                
    </table>         
    <input type="submit" class="btnLogin" value="Go" style="display:inline-block; font-weight:bold; font-size:12px; margin-left:350px;" />

</form>  

=================================================================================
//dashboard.php  +  There are other pages like configure.php and profile.php

<?php
    session_start();
    include "config.php";  
    include kSERVERPATH."init.php";
?>
<html>
    <head>
        <script type="text/javascript" src="js.js" media="all" /></script>
    </head>
<body>

<?php
    $CON // connection works

    $txtEmail=$_POST['txtEmail'];
    $pwd=$_POST['pwd'];
    $cnfmpwd=$_POST['cnfmpwd'];
    $encrypt_password=md5($pwd);

    $query = " SELECT * FROM `users` WHERE `email` = '".$txtEmail."' ";
    $result = mysql_query($query);
    $NumResponse = mysql_num_rows($result);

    if($NumResponse>0)
    {
        echo "<script type='text/javascript'>\n";
        echo "alert('Already Registered..!! )\n";
        echo "</script>";
    }
    else if($pwd==$cnfmpwd)
    {          

        $query = "INSERT INTO `busyexpe`.`users` (`id_user`, `email`, `ref_lang`, `password`, `date_creation`, `date_updated`,          `pwdResetDate`) VALUES (NULL, '".$txtEmail."', '1', '".$encrypt_password."', NOW(), NOW(), NOW());" ;       
        $result = mysql_query($query) or die(mysql_error());;
        echo "<script type='text/javascript'>\n";
        echo "alert('Your account has been succesfully created..!!')\n";
        echo "</script>";
    }

=================================================================================

//logout.php

<?php
    session_start();
    session_destroy();
    header("Location: index.php");
?>

Thanks in advanced.

 
0
 

What doesn't "work" you need be more specific!

Questions / points:

1) Does this even execute?

$CON // connection works

2) Don't use mysql_* these commands are being depreciated.

3) Where do you set the sessions? For example:

<?php
    session_start();
    $_SESSION['Phorce'] = "Phorce";


    echo "User: " . $_SESSION['Phorce'];

    session_destroy();

    echo "User: " . $_SESSION['Phorce'];

4) In "logout.php" if you want to destroy a session, why are you creating a new session just to destroy it? You create the session at the beginning of your script.

LastMitch
Deleted Member
 
0
 

@PriteshP23

Objective is to access the dashboard.php and other pages from LOGIN.php and CREATEACCOUNT.php WITH validation and SESSION. There are two files: login.php and createaccount.php, from which user comes to dashboard.php in both cases.

I think it has something to do with your <form> that has javascript in it.

You really shouldn't combine javascript with php like that.

 
0
 

@phorce

  1. $CON // I mean to say i have successfully connected with database. It is not executable.

  2. I will chage it.

  3. I am not sure for SESSION logic.

  4. I will put only session_destroy(); header("Location: index.php"); in logout.php

Please correct the code. Thanks in advanced.

 
0
 

@LastMitch

If you have ANY idea, do modification IN my code. I need urgent help in order to get the result.

 
0
 

@LastMitch
@phorce

I need your urgent help. Please let me know IF you have find mistake or another way to do so.

 
0
 

@PriteshP23 - We have our own lives, and, we choose to help people. It is rude (and probably against the rules) to demand you want your code looking at and fixing. You haven't even told us what is going wrong (What are the error messages? If any..)

NOTE: We don't have your server, nor access to your database and we are not compilers / intepreters that can just read through your code and process it. TELL US what is going wrong with the code.

 
0
 

@phorce

I am sorry if i had demanded and take your more time.

I have already mentioned that there is a problem in SESSION & JavaScript. It is not displaying error. IF it has other errors, i had already put it with my code.

I would like to know my mistake when i tried to create a session. Nothing else i required.

 
0
 

in login.php there is no php code.just you are doing validation in javascript.
But You are saving the Register people data in database.but u r nt comparing the input email & password values with saved values from database..then how u r redirecting the user to dashboard .php

 
0
 

@varma51

The thing is SESSION is not working. I have created session when user comes to dashboard.php page. I THINK Login page has nothing to do with session (php code).

I got the error:

Notice: Undefined index:

 
0
 

@PriteshP23 How do you expect SESSION to work, when you initialise a session, but, don't actually define anything as a session?

 
0
 

I have to SET session. That was missing in my code. Thank you all for your time and help..!!

<?php
if(isset ($_POST['form_action3'])){
        if  ($_POST['register']=="register_me")
        {
            $txtEmail = $_POST['form_action'];
            $pswd = $_POST['pswd'];
            $cnfmpswd = $_POST['cnfmpswd'];
            $encrypt_password = md5($pswd);

            $query = "";
            $result = mysql_query($query);
            $NumResponse = mysql_num_rows($result); 
            if($NumResponse>0)
            {
                echo "<script type='text/javascript'>\n";
                echo "alert('Already Registered..!! )\n";
                echo "</script>";
            }
            else{  
                $query = "";        
                $result = mysql_query($query) or die(mysql_error());;
                echo "<script type='text/javascript'>\n";
                echo "alert('Your account has been succesfully created..!!')\n";
                echo "</script>";
                include "dashboard.php";
            }
        }
    }   
?>

<body>
<form method="post" name="SignUp" action="" onSubmit="return validatenewuser();">                    
    <div class="divLogin">
    <table>
    <tr>
    <td> Your email address: </td>
    <td> <input type="text" id="form_action" name="form_action"  required="required" /> </td>
    </tr>
    <tr>
    <td> Choose your Password: </td>
    <td> <input type="password" id="pswd" name="pswd" required="required" /> </td>
    </tr>
    <tr>
    <td> Confirm Password: </td>
    <td> <input type="password" id="cnfmpswd" name="cnfmpswd" required="required" /> </td>
    </tr>                    
    </table>
    </div>

    <br /><div id="message">Nothing else required.</div><br />
    <input type="hidden" name="register" value="register_me" />

    <input type="submit" class="btnLogin" name="form_action3" value="OK" />

</form>          

</body>
Question Answered as of 1 Year Ago by phorce, LastMitch and varma51
You
This question has already been solved: Start a new discussion instead
Post:
Start New Discussion
View similar articles that have also been tagged: